Cyber Assessment Framework (CAF) 4.0 Compliance
CAF v4.0 sets UK resilience expectations. Dragos OT-native technology, intelligence, and services help organizations exceed CAF requirements.
CAF 4.0 is the UK’s National Cyber Security Centre’s (NCSC) latest Cyber Assessment Framework that moves beyond compliance to demand proactive, intelligence-driven defense strategies. The NCSC CAF requires organizations to understand adversaries, anticipate attacks, and maintain continuous vigilance against sophisticated threats.
NCSC CAF 4.0 applies to organizations operating critical infrastructure and essential functions, including energy, transport, water supply, digital infrastructure, manufacturing of critical products, food, space, and public administration sectors.
Dragos WorldView provides OT-specific threat intelligence covering industrial adversary tactics, techniques, and procedures. Our intelligence helps organizations understand methods available to capable threat actors and develop plausible attack scenarios for their infrastructure.
CAF 4.0 requires continuous, near real-time monitoring without disrupting operations. Traditional IT security tools can cause latency issues in OT environments. Dragos Platform provides OT-native monitoring that respects operational constraints while delivering comprehensive visibility.
Our platform enables structured, intelligence-driven threat hunting specifically designed for industrial environments. It understands OT protocols, respects operational timing requirements, and can differentiate between normal process variations and malicious activity.
Yes, through comprehensive asset discovery that identifies all software components in OT environments, including embedded systems and legacy applications. Our services help establish vendor relationships for software transparency and vulnerability management throughout extended lifecycles.
We provide network visibility tools like NP-View that map data flows, identify segmentation gaps, and verify firewall rules. Our cyber security assessment services help redesign networks to implement proper security zones while maintaining operational requirements.
Dragos offers OT-specific incident response retainers, prescriptive playbooks tested in real-world scenarios, and tabletop exercises that simulate realistic attack scenarios while accounting for both cyber and safety considerations.
